
Increased activity by a North Korean hacking group has prompted Mandiant to upgrade it to an advanced persistent threat, and the FBI to issue an alert about the organization, which the company and the agency say has long sought defense and research-and-development intelligence but has since expanded to other goals.
Google Cloud's cybersecurity arm, Mandiant, said in a report released Thursday that the newly labeled APT45 has broadened its ransomware operations to target healthcare providers, financial institutions and energy companies, a rarity for North Korean groups.
The FBI is scheduled to follow up Thursday with an advisory and news conference about the hackers.
Mandiant says the group, formerly known as Andariel or UNC614, has been active since at least 2009. The “APT” designation – APT is short for “advanced persistent threat” – comes as the company has seen the group’s level of sophistication increase and its number of victims grow. According to Mandiant, APT45 supports the interests of the North Korean government.
“Andariel’s elevation to APT45 status is a reflection of the growing awareness of the group’s activities,” Michael Barnhart, principal analyst at Google Cloud, told CyberScoop in a written statement.
He said that this awareness is a natural consequence of the group's increasingly sophisticated attacks and the growing number of victims across sectors. “Andariel has demonstrated a consistent ability to execute large-scale, effective cyber operations targeting critical infrastructure and strategic industries, often involving data breaches, ransomware deployments, and sophisticated espionage tactics.”
Mandiant said it has worked closely with the FBI and other government agencies to track the hackers. The FBI advisory will outline how APT45 has targeted information about government nuclear facilities and about weapons ranging from tanks to drones to missile defense systems.
“Many of the advances in North Korea’s military capabilities in recent years can be directly attributed to APT45’s successful espionage efforts against governments and defense agencies around the world,” Barnhart said in a separate statement. “When Kim Jong-un calls for better missiles, these are the people who steal the blueprints for him.”
According to Mandiant, APT45’s motivations have gradually shifted toward financially motivated operations. The group initially focused on healthcare and pharmaceutical companies in the early stages of the COVID-19 pandemic, but continued to target those sectors after other groups moved elsewhere, perhaps indicating a mandate to collect such information, the report said.
Google Cloud Mandiant senior analyst Gary Freas told CyberScoop that while the firm suspects the proceeds of such attacks are funneled back to the North Korean government, the group’s primary goal is not to generate revenue.
“Seeing the success of ransomware attacks other threat groups were conducting against medical institutions, APT45 began using the same, off-the-shelf ransomware and demanding ransom payments from other public victims of a size comparable to those in the reported incidents,” Freas said.
This is not the first time the hacking group has caught the attention of the US government. The Treasury Department’s Office of Foreign Assets Control announced sanctions against it in 2019. The office cited the hackers’ focus on operations against businesses and government agencies, including targeting the South Korean government, stealing bank card information and hacking online gambling sites.
The group is also known by other names, including Plutonium and Onyx Sleet.